How to invite users to the SharePoint Site without making them a member of the Team or Group
Ever since Microsoft 365 Groups were introduced in 2016, we have had a relatively simple and straightforward way to manage access to Microsoft 365 applications. However, scenarios often pop up when you need to deviate from the Microsoft 365 Group permission model and assign unique access to a SharePoint site. In this article, I would like to share a trick with you that, from my experience, many are unaware of. The trick is about setting unique permissions for a SharePoint Team Site that is connected to a Microsoft 365 Group. Let me explain everything below and give you a few use cases.
What is a Microsoft 365 Group?
As mentioned above, we got the concept of a Microsoft 365 Group (or Office 365 Group as we used to call it) back in 2016. The idea behind it is that multiple Microsoft 365 applications are connected to this Microsoft 365 Group, which is essentially a security/membership group. The below screenshot shows some of the common elements/applications connected to a Microsoft 365 Group.
The idea is that by creating one component, it creates a Microsoft 365 membership group and all the other elements. For example, if I go to MS Teams and create a Team there, it will create a Team, a Microsoft 365 Group, a SharePoint Site, a Group calendar, etc. If I create a Team Site in SharePoint, it will once again create a Site, a Microsoft 365 Group, and all the other elements. Same with Planner; again, it will create it all.
Another idea behind the group is that the group membership controls access to the other applications. It is an all-or-nothing kind of thing. So, if you are a group member, you can chat in Teams, store files in SharePoint, and manage tasks in Planner. None of these can have unique access (except for a SharePoint site, which is the topic of this article). For example, we can’t have unique access to Teams or Planner. Again, you are either part of the group and have access to all apps, or you are not part of the group and do not have access to anything!
Use cases for unique permissions for a SharePoint Site
As mentioned above, SharePoint is kind of an exception to the rule (that is why I decided to become the SharePoint Maven and not Teams or Planner Maven 😊), and we can set unique permissions for it. But what would be the use cases for it? Let me list a few for you below.
- You have a project team/group/site and need to invite some users from Management or another department (e.g., Finance) to work on or be able to access some documents stored on a SharePoint site. At the same time, you do not want to make them part of the Microsoft 365 Group, as they would then have access to Teams conversations, etc.
- You have a project team/group/site and would like to invite some external users to collaborate on some documents, but again, do not want them to access other group assets (Planner or Teams).
- You create a Microsoft 365 Group/Team to manage Client work and would like the external Client to access some documents on a client site that depicts their logo and other client information. Again, you do not want the Client to access your internal Teams Conversations or Tasks in Planner.
How to invite users to the SharePoint Site without making them a member of the Team or Group
For this demonstration, I have a Human Resources Team Site that was created from Microsoft Teams when a Team was created. As a result, it also created a Microsoft 365 Group + other assets (Planner, Group Calendar).
Mary and I are listed as members of the Microsoft 365 Group.
I now want to invite John to the SharePoint site without making John a member of the group. Here is how to achieve this.
- From a SharePoint site, click Gear Icon > Site permissions.
- Click on Add members drop-down, then Share site only.
- With the step above, we will invite John to the site only. The text explains exactly what will happen and warns you that you only invite users to the site itself and not to the overarching Microsoft 365 Group. Type the name of the user(s) you want to invite; you can also specify the permission level (Read, Edit, or Full Control) and click Add. In my case, I want to invite John and give him Read access to the site.
Experience for the User/Recipient
- The recipient (John, in my case) receives an email and follows the link.
- At that point, the user will have access to the site!
- However, if the user tries to navigate to the other assets of the Microsoft 365 Group, he or she will get an access denied message. Here is a screenshot of an error message John receives when he tries to access the Conversations link (Group inbox) from the SharePoint site.
- And here is John trying to access the Plan in Planner.
- Likewise, John will not see or have access to an associated Team in MS Teams.
- Hopefully, the above makes sense, as the user is not part of a Microsoft 365 Group.
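Site-only invitations do not appear in the Microsoft 365 Group's membership list, so it is worth reviewing them periodically. The script below is an added example, not part of the original walkthrough: it lists every account that has access to the site without being a member or owner of the connected group. It assumes the PnP.PowerShell module, an Entra app registration whose ID you pass as $ClientId, and that the Read, Edit and Full Control choices correspond to the site's default Visitors, Members and Owners groups; $SiteUrl and $ClientId are placeholders.

```powershell
# Added example: report accounts with site-only access on a group-connected site.
# Assumptions: PnP.PowerShell is installed; $SiteUrl and $ClientId are placeholders.
param(
    [Parameter(Mandatory)] [string] $SiteUrl,
    [Parameter(Mandatory)] [string] $ClientId
)

Connect-PnPOnline -Url $SiteUrl -Interactive -ClientId $ClientId

# The Microsoft 365 Group behind the site (an empty GUID means no group is connected).
$groupId = (Get-PnPSite -Includes GroupId).GroupId
if ($groupId -eq [Guid]::Empty) { throw "Site is not connected to a Microsoft 365 Group." }

# UPNs of everyone in the group (members and owners), lower-cased for comparison.
$inGroup = @(Get-PnPMicrosoft365GroupMember -Identity $groupId) +
           @(Get-PnPMicrosoft365GroupOwner  -Identity $groupId) |
    ForEach-Object { "$($_.UserPrincipalName)".ToLower() } |
    Sort-Object -Unique

# The site's three default SharePoint groups, keyed by the level they grant.
$levels = [ordered]@{
    'Read (Visitors)'       = Get-PnPGroup -AssociatedVisitorGroup
    'Edit (Members)'        = Get-PnPGroup -AssociatedMemberGroup
    'Full Control (Owners)' = Get-PnPGroup -AssociatedOwnerGroup
}

$siteOnly = foreach ($level in $levels.Keys) {
    foreach ($u in Get-PnPGroupMember -Group $levels[$level]) {
        # Skip the claim that represents the Microsoft 365 Group itself.
        if ($u.LoginName -like '*federateddirectoryclaimprovider*') { continue }
        # Skip the built-in system account.
        if ($u.LoginName -eq 'SHAREPOINT\system') { continue }

        # The last segment of the claim is the UPN for user accounts;
        # for security groups it is the group claim, which is reported as-is.
        $login = ($u.LoginName -split '\|')[-1].ToLower()
        if ($login -notin $inGroup) {
            [pscustomobject]@{
                Level = $level
                Name  = $u.Title
                Login = $login
                Type  = $u.PrincipalType
            }
        }
    }
}

$siteOnly | Sort-Object Level, Name | Format-Table -AutoSize
```

In the scenario above, John would be listed with the Read level, while Mary would not appear because she is a group member. The script only inspects the three default groups, so items shared individually or custom SharePoint groups are outside its scope.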